Pruefung auf ungueltige Where-Parameter
parent
19845dacad
commit
b14a49b786
@ -203,9 +203,10 @@ public class CLIClientConnectorServlet extends HttpServlet {
|
|||||||
*
|
*
|
||||||
* @return queryString a query string that can be used to select the
|
* @return queryString a query string that can be used to select the
|
||||||
* required Objects
|
* required Objects
|
||||||
|
* @throws ServletException
|
||||||
*/
|
*/
|
||||||
private String buildQuery(Class<?> eType, Map<String, String> where,
|
private String buildQuery(Class<?> eType, Map<String, String> where,
|
||||||
ArrayList<String> oids) {
|
ArrayList<String> oids) throws ServletException {
|
||||||
String rval = "";
|
String rval = "";
|
||||||
|
|
||||||
boolean first = true;
|
boolean first = true;
|
||||||
@ -217,6 +218,8 @@ public class CLIClientConnectorServlet extends HttpServlet {
|
|||||||
rval += (first ? "" : " and ")
|
rval += (first ? "" : " and ")
|
||||||
+ "(obj." + AbstractEntity.escapeString(kname) + " = '" + AbstractEntity.escapeString(where.get(k)) + "')";
|
+ "(obj." + AbstractEntity.escapeString(kname) + " = '" + AbstractEntity.escapeString(where.get(k)) + "')";
|
||||||
first = false;
|
first = false;
|
||||||
|
} else {
|
||||||
|
throw new ServletException("illegal input\nunknown field: " + k);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
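Review bot: The new `throw new ServletException("illegal input\nunknown field: " + k);` in the second hunk copies the key `k` verbatim into the exception message. If `where` is filled from request parameters (it looks that way in this servlet, but the caller is not visible here), that text can reach an error page or a log line unencoded. I would keep the client-facing message fixed, e.g. `throw new ServletException("illegal input: unknown field");`, and log the rejected key separately with control characters stripped. The unchanged line above still splices `where.get(k)` into the query text between quotes, so with field names now rejected when unknown, the remaining protection rests entirely on `AbstractEntity.escapeString`. Binding the value as a named query parameter would remove that dependency, though it means `buildQuery` has to hand the values back to its caller. The `if` that this `else` belongs to and the rest of the `buildQuery` body lie outside the hunks shown.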